OpenBSD is a free and open source, Unix-like operating system with a focus on security. It is based on the Berkeley Software Distribution (BSD). In this article, we will look at how to set up a simple OpenBSD server for purposes such as:
- Webserver with HTTPD, Apache, or Nginx
- Mail server
Here are a few requirements needed for this installation:
- Ability to plug physical media into the device.
- A system without multiboot.
- Ability to devote the entire hard drive to OpenBSD.
View the OpenBSD frequently asked questions (FAQs) for additional requirements.
Choosing the Right Version for You
A new version of OpenBSD is released every six months, in the spring and in the fall. Each version gets one full year of support with errata patches. These patches address security issues, bug fixes, and potential feature updates.
Preparing the Installation Media
The first task is to create the installation media.
Download and copy the appropriate .img file for the desired version to a USB drive. Files labeled miniroot are a web-based installation that downloads the required files over the Internet. Alternatively, files marked install contain all files necessary for installation.
Write the file to the USB drive using the dd command as the root user. Ensure your terminal is in the directory you downloaded the .img file to, and sdb is the name of the USB drive you want to write to. dd overwrites the target device without asking for confirmation, so confirm the device name (for example with lsblk) before running it.
dd if=./miniroot70.img of=/dev/sdb
How to Install and Set Up OpenBSD
Step 1: Boot From Installation Media
Insert the USB drive into the target server and boot to it from the boot menu.
Select Install from the main menu.
A SHA256 file containing checksums is in the directory containing the installation files. The checksums verify the integrity of the installation files, ensuring there is no data corruption. Next, cryptographically verify the image using signify, OpenBSD's signing and verification program.
The install files do not have an SHA256.sig file, so select Yes at the prompt to proceed.
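The checksum comparison described above can also be run on the downloaded .img before the dd step. The script below is an added example, not part of the original article or the OpenBSD project: it parses the BSD-style SHA256 file and refuses an image whose digest does not match. The function names verify_image and sha256_of are hypothetical, and the demo image is constructed.

```shell
#!/bin/sh
# Added example: check an image against a BSD-style SHA256 file before dd.
# Line format in the SHA256 file: SHA256 (miniroot70.img) = <64 hex digits>

sha256_of() {
    # Linux ships sha256sum; OpenBSD ships sha256 (-q prints only the digest).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        sha256 -q "$1"
    fi
}

verify_image() {
    # $1 = path to SHA256 file, $2 = path to image. Returns 0 only on a match.
    sums=$1
    img=$2
    name=$(basename "$img")
    expected=$(awk -v n="($name)" \
        '$1 == "SHA256" && $2 == n && $3 == "=" { print $4; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 2
    fi
    actual=$(sha256_of "$img") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH for $name: do not write this image" >&2
        return 1
    fi
    echo "OK: $name"
}

# Constructed demo data (not a real OpenBSD image or checksum file).
demo_dir=$(mktemp -d)
printf 'constructed image bytes\n' > "$demo_dir/miniroot70.img"
printf 'SHA256 (miniroot70.img) = %s\n' \
    "$(sha256_of "$demo_dir/miniroot70.img")" > "$demo_dir/SHA256"
verify_image "$demo_dir/SHA256" "$demo_dir/miniroot70.img"
```

A matching checksum only rules out corruption. On a machine that already runs OpenBSD, `signify -C -p /etc/signify/openbsd-70-base.pub -x SHA256.sig miniroot70.img` checks the signature and the checksum in one step.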
A single hard drive partition, in a master boot record (MBR) or GUID partition table (GPT) layout, will be sliced into numerous BSD partitions, which are almost identical to other partitions. The default partition slices are appropriate for most hard disk or solid-state drives over 20GB in size.
Step 2: Create a Standard User
A best practice is to create a standard user to avoid using the root user as much as possible. The user created during install time is automatically included in the staff class and granted extra resources, such as additional RAM per process. Add the default user to the wheel and operator groups.
Step 3: Install OpenBSD File Sets
The OpenBSD development team strongly recommends installing all file sets, even if you do not think you need them. A set is a collection of files needed for a particular task, and some sets are mandatory, like bsd (the kernel) and base (the userland).
Others like the X11 set (the graphical user interface environment for Unix-based systems) are optional but may contain code some packages need to function. Skipped sets are automatically installed in future version installations of OpenBSD, hence the recommendation to install all sets now.
Step 4: Disable Root Login Over SSH
By default, sshd is enabled, and password-based logins are allowed for remote administration. Creating a new default user provides the option of enabling root login over SSH. It is common for servers to disable root login over SSH because attackers attempt to gain access using root.
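To confirm after installation that root login over SSH is really off, check which PermitRootLogin value sshd will use. The script below is an added example, not from the original article: the function names root_login_setting and root_login_disabled are hypothetical, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value in an sshd_config.
# sshd keeps the FIRST value it reads for a keyword, so a later "no" does not
# override an earlier "yes". Everything from the first Match line onward is
# conditional and is not evaluated here.

root_login_setting() {
    # $1 = path to an sshd_config file. Prints the global value;
    # prohibit-password is the OpenSSH default when the keyword is absent.
    awk '
        /^[ \t]*#/ { next }                      # comment line
        { sub(/=/, " ") }                        # allow "Keyword=value"
        tolower($1) == "match" { exit }          # conditional blocks start
        tolower($1) == "permitrootlogin" { v = $2; exit }
        END { print (v == "" ? "prohibit-password" : v) }
    ' "$1"
}

root_login_disabled() {
    # Succeeds only when the global setting is exactly "no".
    [ "$(root_login_setting "$1")" = "no" ]
}

# Constructed sample configs (not taken from a real host).
cfg_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' 'PermitRootLogin no' > "$cfg_dir/first_wins"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
    > "$cfg_dir/hardened"

for f in first_wins hardened; do
    if root_login_disabled "$cfg_dir/$f"; then
        echo "$f: root login over SSH disabled"
    else
        echo "$f: root login allowed ($(root_login_setting "$cfg_dir/$f"))"
    fi
done
```

On the server itself, `sshd -T` run as root prints the effective configuration that the daemon will apply.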
Step 5: First OpenBSD Boot
Once the install is completed, the system should reboot and present you with a text login prompt (with X11 turned off) or a graphical login prompt.
If a network connection was established during installation, fw_update runs. It updates all firmware on the system and lists any patches you might need to install.
OpenBSD is secure by default, but regular updates maintain security. Use the syspatch command as root to install missing updates and patches.
OpenBSD sets up and configures a local mail system for the root user. The first message instructs them to read the afterboot man page. It is highly recommended to do so in order to acquaint yourself with the system.
Additional OpenBSD Information and Set Up
The default text editors are Visual (vi), new vi (nvi), and mg (an emacs clone). The root user can install the text editor of their choosing.
OpenBSD uses rcctl for configuring and controlling daemons and services. It is the recommended tool for editing, enabling, and disabling base system daemons and services. The rcctl command also helps set the services and daemons enabled and started at boot.
For example, the following command will enable a service at boot. Change service_name to the specified service.
rcctl enable service_name
To start a service now, change enable to start as in the command below.
rcctl start service_name
The rcctl command has many other uses, such as setting flags for commands and checking the status of commands. The man page offers complete details and syntax for all command use cases.
This article walks through how to install and set up OpenBSD. The tutorial also goes through setting up users, patching the system, and performing basic system administration tasks.